Full Disclosure
mailing list archives
Re: [Wired Security/EOF] Disable Windows Defender(Vista) PoC code
From: "Fredrick Diggle" <fdiggle () gmail com>
Date: Sat, 17 May 2008 02:31:50 +1000
Fredrick Diggle's code was signed by Fredrick Diggle himself. How much
more credibility do you want?
On Fri, May 16, 2008 at 7:33 AM, <skyout.fd () wired-security net> wrote:
On Wed, 14 May 2008 13:49:35 -0700, "Peter Ferrie" <peter.ferrie () gmail com> wrote:
my friend Izee from the EOF-Project(.net) team has coded a
simple PoC that demonstrates how to disable Windows
Defender on Vista (tested with and without SPs on x86/x64)
using its own API made for it.
Does he realise that he must be Admin first?
Then he can just disable the service, or delete the files, or
whatever.
Using the API doesn't gain much here.
The thing is that Microsoft says that ONLY SIGNED processes can do this.
This is a lie, nothing more, and in my opinion this opens an attack vector and
provides common insecurity...
cheers,
skyout
ps: http://msdn.microsoft.com/en-us/library/bb762466(VS.85).aspx | read remarks
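Peter Ferrie's point above (an already-elevated caller does not need the Defender API at all, since it can simply stop and disable the service) can be shown directly from an elevated PowerShell prompt. The following is an added example and is not the EOF-Project PoC or anything posted in the thread; it assumes the Vista Defender service is named WinDefend (an assumption, check with Get-Service) and that it is run as a full administrator, since a standard user fails at the same privilege boundary the API enforces.

```powershell
# Added example, not code from the thread. Assumes the Windows Defender service
# is registered as "WinDefend" (assumption) and that the session is elevated.

function Test-IsElevated {
    # True only if the current token holds the Administrators role (post-UAC).
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    return $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-DefenderServiceState {
    param([string]$Name = 'WinDefend')
    $svc = Get-Service -Name $Name -ErrorAction Stop
    # StartMode is not exposed on the ServiceController object; read it from WMI.
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    New-Object PSObject -Property @{
        Name      = $Name
        Status    = $svc.Status
        StartMode = $wmi.StartMode
    }
}

function Disable-DefenderService {
    param([string]$Name = 'WinDefend')
    if (-not (Test-IsElevated)) {
        # Same boundary the API sits behind: without Admin there is nothing to gain.
        throw "Not elevated: a standard user cannot stop or reconfigure $Name."
    }
    Stop-Service -Name $Name -Force
    Set-Service  -Name $Name -StartupType Disabled
    # Return the resulting state so the caller can confirm Status/StartMode.
    Get-DefenderServiceState -Name $Name
}

# Usage from an elevated prompt:
#   Get-DefenderServiceState
#   Disable-DefenderService
```

The check in Disable-DefenderService is the whole argument of the thread: the service control path and the API path both require an elevated token, so a signature requirement on the API changes nothing for an attacker who is already Admin, and only inconveniences legitimate unsigned callers.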
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/